IP Profile and IP Tools

The IP Profile and IP Tools panels provide comprehensive IP address information and network diagnostic tools. Use these panels to investigate IP addresses, verify hosting, and perform network analysis.

IP Profile

The IP Profile panel is analogous to the Domain Profile panel, providing key data points for IP addresses.

What's included

The IP Profile displays:

  • IP address: The IPv4 or IPv6 address
  • WHOIS data: Registration information for the IP
  • Geolocation: Country, region, city
  • ASN: Autonomous System Number
  • ISP: Internet Service Provider
  • Organization: Entity that owns the IP block
  • Network range: CIDR block containing the IP
  • Raw WHOIS record: Complete IP WHOIS text

Access IP Profile

Open the IP Profile from:

  • Operations Menu: Right-click any IP address
  • IP Inspect view: Select the magnifying glass icon next to an IP address
  • Direct navigation: Navigate to the IP Profile panel

IP Inspect view

In most places where an IP address is displayed across Iris Investigate, a magnifying glass icon appears just to the right of the address. Selecting the icon brings up the IP Inspect view, which provides a fast way to view the IP Profile and IP Tools data without losing your place in the interface.

Pivot from IP Profile

Right-click any field value in the IP Profile to open the Operations Menu and:

  • Create new searches based on that value
  • Narrow or expand your current search
  • Exclude results containing that value
  • Navigate to related panels

Common pivots from IP Profile:

  • ASN: Find domains on the same autonomous system
  • ISP: Discover domains with the same hosting provider
  • Organization: Search by IP block owner
  • Network range: Identify domains in the same CIDR block

IP Tools

The IP Tools panel provides three network diagnostic tools to investigate IP address information.

Ping

Ping generally tells you whether the IP address is reachable.

How to use:

  1. Navigate to the IP Tools panel.
  2. Select Ping.
  3. Review the results.

Important: When you trigger a ping through the interface, the ping originates from DomainTools and includes no record of your involvement.

Traceroute

Traceroute provides insights into the hosting, routing, and reachability of the IP address.

How to use:

  1. Navigate to the IP Tools panel.
  2. Select Traceroute.
  3. Review the routing path.

Important: When you trigger a traceroute through the interface, it originates from DomainTools and includes no record of your involvement.

PTR (Pointer Record)

The DNS Pointer (PTR) record is commonly used for reverse DNS lookups. It shows the canonical name (hostname) of the IP address, which tells you about the actual owner of the address (often a hosting provider) but not necessarily about the domains that may be hosted on that address.

How to use:

  1. Navigate to the IP Tools panel.
  2. Select PTR.
  3. Review the pointer record.
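
A PTR name is set by whoever controls the reverse zone, so one way to tell valid reverse DNS from missing or unconfirmed reverse DNS is to check that the PTR hostname resolves forward to the same IP. The sketch below is an added example, not part of Iris Investigate; the function names and the sample records (documentation address ranges) are constructed, and the lookups are passed in as plain functions so it runs offline.

```python
import ipaddress

def classify_rdns(ip_text, ptr_lookup, addr_lookup):
    """Return (verdict, names): 'missing', 'unconfirmed' or 'confirmed'."""
    ip = ipaddress.ip_address(ip_text)
    # reverse_pointer builds the in-addr.arpa / ip6.arpa query name.
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip.reverse_pointer)]
    if not names:
        return ("missing", [])
    confirmed = []
    for name in names:
        for addr in addr_lookup(name):
            try:
                # Compare parsed addresses so IPv6 spelling differences do not matter.
                if ipaddress.ip_address(addr) == ip:
                    confirmed.append(name)
                    break
            except ValueError:
                continue  # malformed forward answer, ignore it
    return ("confirmed", confirmed) if confirmed else ("unconfirmed", names)

def rev_name(ip_text):
    return ipaddress.ip_address(ip_text).reverse_pointer

# Constructed sample records standing in for real DNS answers (assumption).
SAMPLE_PTR = {
    rev_name("192.0.2.10"): ["mail.example.net."],
    rev_name("192.0.2.20"): ["host.example.org."],
    rev_name("2001:db8::1"): ["V6.Example.NET."],
}
SAMPLE_ADDR = {
    "mail.example.net": ["192.0.2.10"],
    "host.example.org": ["198.51.100.7"],  # does not point back to .20
    "v6.example.net": ["2001:0db8:0000:0000:0000:0000:0000:0001"],
}

def sample_ptr(qname):
    return SAMPLE_PTR.get(qname, [])

def sample_addr(name):
    return SAMPLE_ADDR.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "2001:db8::1"):
        print(ip, classify_rdns(ip, sample_ptr, sample_addr))
```
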

Use cases

Verify hosting

Confirm IP address ownership and hosting:

  • ISP and organization information
  • Geographic location
  • Network range
  • Reverse DNS

Investigate infrastructure

Analyze hosting patterns:

  • Shared hosting environments
  • Hosting provider patterns
  • Geographic distribution
  • Network relationships

Network diagnostics

Troubleshoot connectivity and routing:

  • Reachability testing with ping
  • Routing path analysis with traceroute
  • Reverse DNS verification with PTR

Threat intelligence

Identify suspicious hosting:

  • Known malicious IP ranges
  • Bulletproof hosting providers
  • Unusual geographic locations
  • Shared infrastructure with known threats

Best practices

Efficient analysis

  1. Start with IP Profile: Get an overview of IP ownership.
  2. Check geolocation: Verify the expected location.
  3. Review ASN/ISP: Understand the hosting provider.
  4. Use tools as needed: Ping, traceroute, and PTR for additional context.

Investigation workflow

  1. Identify IP: From Domain Profile or pDNS.
  2. Open IP Profile: Review ownership and location.
  3. Pivot on attributes: Find related domains.
  4. Use diagnostic tools: Verify connectivity and routing.
  5. Document findings: Note suspicious patterns.

What to look for

Legitimate patterns:

  • Recognized hosting providers
  • Appropriate geographic locations
  • Consistent ASN/ISP information
  • Valid reverse DNS

Suspicious patterns:

  • Bulletproof hosting providers
  • Unusual geographic locations
  • Shared hosting with known malicious domains
  • Missing or suspicious reverse DNS

Limitations

  • IP WHOIS data accuracy depends on registrar maintenance
  • Geolocation may not be precise
  • Network tools originate from DomainTools infrastructure
  • Some networks may block diagnostic tools
